March 22, 2015

Refactoring Coderetreats: In Search of Simple Design
In general terms, the idea is that you can explore your craft as a programmer without the usual pressures of deadlines and expectations. Not being expected to finish a solution in any session frees you up to explore new ideas, and think about how you are approaching the problem. The constant change of partners, with new and challenging constraints applied to each session, constantly gives you new perspectives on the problem, and how to solve it. Essential to a coderetreat is the opportunity for reflection. There are brief retrospectives at the end of each session and, at the end of all coderetreats, the following three questions are asked:


XaaS: Today and Tomorrow
In order to move ahead with XaaS, corporations will need to look at all of the services their IT department currently provides, and determine whether or not they are commodity services. If a company’s IT department is not able to compete with the cost-effectiveness or efficiency of a specialist service provider, it is likely a commodity service. The same is true if investing in a particular service will not return measurable value to a business. In the future, many companies will likely source those services identified as commodity services to specialist providers. This will allow them to increase their investments in areas that will result in a return of value.


A World of Mobile Delights – And Dangers
The issue with employee-owned mobile devices is that they access corporate resources outside of the control of the corporate IT team. So it can be difficult to identify even basic environmental data for these devices, such as the number and type of devices being used, and the operating systems and applications. In addition, mobile malware is growing, which further increases risk. Research from Cisco indicates that 99% of malicious attacks on mobiles in 2013 occurred on devices running Google's Android operating system. Given the lack of even basic visibility, most IT security teams certainly don’t have the capability to identify potential threats from these devices.


Microsoft reveals who gets Windows 10, and how
Microsoft has not yet spelled out all the details of the upgrade process, but what it calls the "direct upgrade" from Windows 7, 8 and 8.1 will presumably retain settings, applications and data. There will be no upgrade path to Windows 10 from either the now-retired but still widely used Windows XP or its successor, Windows Vista. ... Also on the nix list is Windows RT, the scaled-back Windows 8 Microsoft failed to push as a tablet OS. While Windows RT will receive a still-undefined update down the line, it won't be upgraded to Windows 10. The lack of an upgrade path from Windows RT may be the closest Microsoft ever comes to explicitly saying "RT is dead."


Is Self-Service Creating Acceptance of Average?
With it, and other tools, we can all do analysis. But if we don’t have a good statistical background, is our analysis flawed? To me, this is why data scientists are so important. We need some experts to go beyond what we can do for ourselves. Average is not always good enough. This is not about being a power-user. It is about having the experience and expertise outside of the technology to use the technology to its fullest. Does this mean that self-service is a bad thing? No, but I do think more time should be spent figuring out when true experts are needed. And recognizing that means we have to accommodate that in planning.


Connecting code to business value - a foray into Behavior Driven Development
This article is a walk-through starting with a definition of what is actually useful to an end-user (the aims or business value part) and then connecting that formal value statement to code that should test whether the (software) system actually delivers that value. The discussion in the post is focused on the process of developing in such a way, i.e. the pros and cons of BDD in practice, while not describing technical aspects (for a how-to in .NET see BDD using SpecFlow). As such, it should be relevant to any programming language. Please do not read this as best practice; I am rather sharing my first experiences developing this way and the issues that surface.


Hacking Value Delivery: CIOs and the Age of the Customer - Infographic
CIOs are uniquely positioned to drive their organizations forward into the "age of the customer." That's because any organization-wide shift to improving the customer experience today must be driven by technology. But it may not happen naturally: CIOs must seize the initiative and drive strategy and process around developing CX innovations. IT priorities remain stubbornly narrow in scope. 90% of organizations claim improving efficiency and increasing productivity as the top priorities for IT. These are traditional bottom line drivers.


It’s Time for a Radically Different Approach to Application Security
Security solutions need to match the level of sophistication we’re dealing with today by understanding the fundamental nature, purpose, and characteristics of an application. They need to know how an application should look, behave, respond, and react. More to the point, however, they must be able to strike a balance between the known bad and the known good. So, rather than being an afterthought, they must be fundamentally involved in every aspect of the application flow, from the client all the way to the app server, wherever it resides. These characteristics are what define an intrinsic security solution.


The Microservice Revolution: Containerized Applications, Data and All
Martin Fowler points out in his aforementioned article that, due to the distributed nature of microservice architectures, the individual services “need to be designed so that they can tolerate failure of [other] services.” For companies like Netflix, with infrastructure spread across the globe, dealing with service failures is a constant reality. To make sure these challenges are met, Netflix famously tests their systems with their Simian Army, a set of tools that deliberately kill or degrade parts of their running software to test that the system still functions adequately under these conditions. It is the distributed nature of microservice architectures that allows this to happen.


OpenSSL fixes serious denial-of-service bug, 11 other flaws
The flaw was quietly patched in OpenSSL in January, but it was classified as low severity at the time because it can only be used to attack connections to servers that support an outdated cipher suite known as RSA export, a condition that was thought to be rare. However, recent studies have shown that support for RSA export cipher suites is far more common than previously believed, which is why the vulnerability has been reclassified as high severity, the OpenSSL Project said. The new OpenSSL patches also address eight moderate-severity flaws, some of which can also be used for denial-of-service attacks under certain conditions, as well as three low severity issues.



Quote for the day:

"Truly successful decision making relies on a balance between deliberate and instinctive thinking." --Malcolm Gladwell